Securing Users and Processes in Oracle® Solaris 11.2

Exit Print View

Updated: July 2014

Applications That Check for Rights

Applications and commands that can override system controls are considered privileged applications. Security attributes such as UID=0, privileges, and authorizations make an application privileged.

Applications That Check UIDs and GIDs

Privileged applications that check for root (UID=0) or some other special UID or GID have long existed in the UNIX environment. The rights profile mechanism enables you to isolate commands that require a specific ID. Instead of changing the ID on a command that anyone can access, you can place the command with an assigned UID in a rights profile. A user or role with that rights profile can then run the program as that UID without having to become superuser.

IDs can be specified as real or effective. Assigning effective IDs is preferred over assigning real IDs. Effective IDs are equivalent to the setuid feature in the file permission bits. Effective IDs also identify the UID for auditing. However, because some shell scripts and programs require a real UID of root, real UIDs can be set as well. For example, the reboot command requires a real rather than an effective UID.

Tip  - If an effective ID is not sufficient to run a command, assign the real ID to the command.

Applications That Check for Privileges

Privileged applications can check for the use of privileges. The rights profile mechanism enables you to specify the privileges for specific commands that require security attributes. Then, you can isolate the command with assigned security attributes in a rights profile. A user or role with that rights profile can then run the command with just the privileges that the command requires.

    Commands that check for privileges include the following:

  • Kerberos commands, such as kadmin, kprop, and kdb5_util

  • Network commands, such as ipadm, routeadm, and snoop

  • File and file system commands, such as chmod, chgrp, and mount

  • Commands that control processes, such as kill, pcred, and rcapadm

To add commands with privileges to a rights profile, see How to Create a Rights Profile and the profiles (1) man page. To determine which commands check for privileges in a particular profile, see Chapter 6, Listing Rights in Oracle Solaris.

Applications That Check Authorizations

    Some Oracle Solaris commands check authorizations, including the following:

  • Audit administration commands, such as auditconfig and auditreduce

  • Printer administration commands, such as cupsenable and lpadmin

  • Batch job commands, such as at, atq, batch, and crontab

  • Device-oriented commands, such as allocate, deallocate, list_devices, and cdrw.

For guidance about checking a script or program for authorizations, see Example 4–3. To write a program that requires authorizations, see About Authorizations in Developer’s Guide to Oracle Solaris 11 Security .